-
Notifications
You must be signed in to change notification settings - Fork 12
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support requirements.txt
and setup.py
as input
#5166
Comments
Thanks for the RFE. Thinking of I can imagine a script that parses >>> from pip._internal.network.session import PipSession
>>> from pip._internal.req.req_file import parse_requirements
>>> [i.requirement for i in parse_requirements("requirements.txt", PipSession())]
['requests', 'click'] |
Mostly not. ORT is regularly used to perform Open Source compliance checks on proprietary source code that is not published anywhere. |
I'm not a Python guy, but these guys seem to be discussing a new API for that. |
A solution would require executing You can also create a virtual environment and install the given package into the virtual environment (temporary), ex:
After that, you can ask what are the dependencies of the given package - using importlib metadata could be appropriate (as discussed in the linked issue). This is out of our scope so I'm not in favor of making changes in thoth-solver directly (and maintaining the solution on our end). It is specific to your use case. Nevertheless, if there would be identified overlap with efforts, we are happy to support you even in our codebase. |
My main use-case is that I want to get the whole dependency tree without actually installing any of it.
That's perfectly fine, I just wanted to check 😀 I guess it's better then for me to wait for the merge of pypa/pip#10748, that I discovered meanwhile. Looks like that'll do exactly what I'm looking for. |
/sig user-experience |
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with /lifecycle stale |
/remove-lifecycle stale |
Check if this can be covered by |
Can run /close
|
@Gkrumbach07: Closing this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Is your feature request related to a problem? Please describe.
I'm looking at using
thoth-solver
in the ORT Analyzer as a replacement for the the custom scripts that we currently use for Python project dependency analysis. As the ORT Analyzer identifies the used package managers by the presence of what we call "definition files", we need to directly operate onrequirements.txt
orsetup.py
files in a code base.Describe the solution you'd like
It would be nice if the
thoth-solver
CLI had new options to point at arequirements.txt
orsetup.py
files to take the (direct) dependencies from.Describe alternatives you've considered
I've considered parsing
requirements.txt
orsetup.py
ourselves in ORT, and then passing the direct dependencies tothoth-solver
, but that seems error prone, and parsing of these files is better done in a project that's itself written in Python.Additional context
N/A.
The text was updated successfully, but these errors were encountered: